Sorry, I'm confused....

I've been asked to set up an LDAP server so that our developers can SSH from their computers to remote systems, through the LDAP server, giving us the ability to control who can ssh.....

I've spent the last few days trawling through the documentation, and got as far as having the ldap server set up, but can't seem to get any further.

Do I need to add local accounts to the LDAP server?

What we were trying to achieve was


User > Ldap Server > Remote Server

with the Remote server pointing at the ldap server for authentication, thus stopping us from creating local accounts and from adding ssh keys to the Remote Servers.

On Tue, May 14, 2013 at 3:21 PM, Dan White <dwhite@olp.net> wrote:

On Tue, May 14, 2013 at 2:54 PM, Dan White <dwhite@olp.net> wrote:
On 05/14/13 11:19 +0100, Stuart Watson wrote:
Hi

I have created an ec2 instance and have installed openldap and set up
openldap to use OpenSSH. However I cannot ssh from a remote pc to the
openldap server; I just get invalid user, although the username is the
same that I have specified in openldap.

Assuming this is a Linux system, use the following to troubleshoot:

getent passwd <user> (verifies your nss ldap plugin)
pamtester (verifies your pam module)
ldapsearch (basic data verification)

On 05/14/13 15:00 +0100, Stuart Watson wrote:
Yes, it's an Ubuntu 12.04 system... This is the walkthrough I have been
following.


http://tuxotaku.com/bitbucket/2011/12/20/setting-up-passwordless-ssh-login-and-key-management-using-l.html

I get as far as the end of this, and try to SSH to the box, and I get
invalid user in the SSH logs.....

That tutorial seems to assume that you have added your users with standard
adduser/useradd utilities.

Try adding your user, and verifying with 'getent passwd <user>', before
troubleshooting ldap or ssh.

--
Dan White
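As an added example, not code from this thread or from the linked tutorial: the three checks Dan White lists, run in the order sshd itself consults them. sshd logs "Invalid user" when the NSS lookup (getpwnam) fails, before PAM or any key lookup is touched, so an LDAP user that does not show up in `getent passwd` can never get past that message no matter what is in sshd_config. The LDAP_URI and LDAP_BASE variables, the default base DN, anonymous read access for ldapsearch, the posixAccount filter and the sample user names are my assumptions, not anything from the thread.

```shell
#!/bin/sh
# Added diagnostic for the "Invalid user" symptom discussed in the thread.
# sshd logs "Invalid user" when its NSS lookup (getpwnam) fails; PAM and key
# checks never run for such a user. So check the layers in this order:
#   1. NSS   - getent passwd <user>     (nslcd/sssd + /etc/nsswitch.conf)
#   2. PAM   - pamtester sshd <user>    (only meaningful once NSS resolves)
#   3. LDAP  - ldapsearch               (does the posixAccount entry exist?)
# Assumptions, not taken from the thread: LDAP_URI / LDAP_BASE variables,
# anonymous read access for ldapsearch, and the posixAccount schema.

# Validate a passwd(5) line: 7 colon-separated fields, numeric uid and gid,
# absolute home and shell. A resolved but malformed entry (e.g. no
# loginShell attribute in LDAP) still leaves the user unable to log in.
check_passwd_line() {
    line=$1
    nf=$(printf '%s\n' "$line" | awk -F: '{ print NF }')
    [ "$nf" -eq 7 ] || { echo "expected 7 fields, got $nf: $line"; return 1; }
    uid=$(printf '%s\n' "$line" | cut -d: -f3)
    gid=$(printf '%s\n' "$line" | cut -d: -f4)
    home=$(printf '%s\n' "$line" | cut -d: -f6)
    shell=$(printf '%s\n' "$line" | cut -d: -f7)
    case $uid in ''|*[!0-9]*) echo "uidNumber '$uid' is not numeric"; return 1 ;; esac
    case $gid in ''|*[!0-9]*) echo "gidNumber '$gid' is not numeric"; return 1 ;; esac
    case $home in /*) ;; *) echo "homeDirectory '$home' is not absolute"; return 1 ;; esac
    case $shell in /*) ;; *) echo "loginShell '$shell' is not absolute"; return 1 ;; esac
    return 0
}

# Layer 1: NSS. Succeeds only if getent resolves the user to a sane entry.
nss_lookup() {
    entry=$(getent passwd "$1" 2>/dev/null) || return 1
    check_passwd_line "$entry"
}

# Layer 2: PAM, using the pamtester tool (it prompts for the password).
# Returns 2 when pamtester is not installed so the caller can skip it.
pam_check() {
    command -v pamtester >/dev/null 2>&1 || return 2
    pamtester sshd "$1" authenticate
}

# Layer 3: raw directory data. Prints the posixAccount attributes for the
# user, or nothing if no such entry exists. Returns 2 without ldapsearch.
# LDAP_URI / LDAP_BASE and the dc=example,dc=com default are placeholders.
ldap_check() {
    command -v ldapsearch >/dev/null 2>&1 || return 2
    ldapsearch -x -LLL \
        -H "${LDAP_URI:-ldap://localhost}" \
        -b "${LDAP_BASE:-dc=example,dc=com}" \
        "(&(objectClass=posixAccount)(uid=$1))" \
        uid uidNumber gidNumber homeDirectory loginShell
}

# Walk the layers and stop at the first failure; that layer is where to
# look before changing anything in sshd_config.
diagnose() {
    user=$1
    if ! nss_lookup "$user"; then
        echo "NSS: '$user' does not resolve, so sshd will log 'Invalid user'."
        if ldap_check "$user" 2>/dev/null | grep -q '^uid:'; then
            echo "     LDAP has a posixAccount for '$user': check 'passwd: files ldap'"
            echo "     in /etc/nsswitch.conf and that nslcd/sssd is running."
        else
            echo "     No posixAccount found for '$user' (or ldapsearch unavailable):"
            echo "     add the user to the directory first, then re-run."
        fi
        return 1
    fi
    echo "NSS: ok ('$user' resolves)"
    if pam_check "$user"; then rc=0; else rc=$?; fi
    case $rc in
        0) echo "PAM: ok" ;;
        2) echo "PAM: pamtester not installed, skipped" ;;
        *) echo "PAM: authentication failed (rc=$rc): check /etc/pam.d/sshd"
           return 1 ;;
    esac
    return 0
}

# Usage: sh diagnose-ldap-ssh.sh <username>
if [ $# -eq 1 ]; then
    diagnose "$1"
fi
```

Run it on the remote server (the one sshd runs on), not on the LDAP host, since that is where NSS and PAM have to resolve the account. If NSS fails but ldapsearch finds the entry, the problem is the nss/pam ldap wiring on that box; if ldapsearch finds nothing, the user was never added to the directory, which is the case the reply above points at.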